Proof-of-concept code for exploiting Bash-using CGI scripts to run code with the same privileges as the web server is already floating around the web. A simple Wget fetch can trigger the bug on a vulnerable system.

Diagnostic Steps
To test if your version of Bash is vulnerable to this issue, run the following command:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the output of the above command looks as follows:
vulnerable
this is a test

then you are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to:
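The diagnostic above can be run against every bash binary on a host. The script below is an added example, not part of the original post; the function names, the marker string and the candidate path list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Runs the env-function probe from this post against a bash
# binary and prints a verdict. It tests only the issue described here.
check_shellshock() {
    shell_bin=${1:-bash}
    if ! command -v "$shell_bin" >/dev/null 2>&1; then
        echo "missing"; return 2
    fi
    # A unique marker replaces "vulnerable" so the verdict does not depend on
    # any warning a patched bash prints to stderr.
    out=$(env x='() { :;}; echo PROBE_FUNC_TAIL_RAN' \
          "$shell_bin" -c 'echo probe_done' 2>/dev/null) || true
    case "$out" in
        *PROBE_FUNC_TAIL_RAN*) echo "vulnerable";     return 1 ;;
        *probe_done*)          echo "not_vulnerable"; return 0 ;;
        *)                     echo "unknown";        return 3 ;;
    esac
}

# Check each distinct bash: common install paths plus entries in /etc/shells.
scan_bash_binaries() {
    rc=0
    candidates="/bin/bash /usr/bin/bash /usr/local/bin/bash"
    if [ -r /etc/shells ]; then
        candidates="$candidates $(grep '/bash$' /etc/shells 2>/dev/null | tr '\n' ' ')"
    fi
    seen=" "
    for b in $candidates; do
        [ -x "$b" ] || continue
        case "$seen" in *" $b "*) continue ;; esac
        seen="$seen$b "
        verdict=$(check_shellshock "$b") || true
        echo "$b: $verdict"
        if [ "$verdict" = "vulnerable" ]; then rc=1; fi
    done
    return "$rc"
}

# Run as: sh check.sh --scan   (exit status 1 if any binary is vulnerable)
if [ "${1:-}" = "--scan" ]; then scan_bash_binaries; fi
```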

Step 4: Continue the installation http://192.168.1.1/docuwiki/install.php
Ignore the security warning; the data directory can only be moved after installing.
Fill out the form and click Save.
Step 5: Delete install.php for security

# rm /var/www/html/dokuwiki/install.php

Step 6: Create and move the data, bin (CLI) and conf directories out of the Apache directories for security
Assuming Apache does not access /var/www, only /var/www/html and /var/cgi-bin, secure DokuWiki by moving these directories under /var/www (or use a different directory):

<?php
// DO NOT use a closing php tag. This causes a problem with the feeds,
// among other things. For more information on this issue, please see:
// http://www.dokuwiki.org/devel:coding_style#php_closing_tags
define('DOKU_CONF','/var/www/dokudata/conf/');

* Note the comments explaining why there is no closing PHP tag
Step 8: Tell DokuWiki where the data directory is

# vim /var/www/dokudata/conf/local.php

$conf['savedir'] = '/var/www/dokudata/data/';

Step 9: Set the permissions for DokuWiki again on the new directory, using the same permissions as before
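To verify the result of Steps 5 to 8, the script below checks that install.php is gone and that the conf directory and the savedir configured in local.php sit outside the Apache document root. It is an added example, not part of the original post; the function names and the three arguments (document root, wiki directory, conf directory) are assumptions.

```shell
#!/bin/sh
# Added example. Succeeds if path $1 is NOT inside directory $2.
# Existing directories are resolved first so ".." and symlinks cannot hide a match.
outside_docroot() {
    target=$(cd "$1" 2>/dev/null && pwd -P) || target=$1
    root=$(cd "$2" 2>/dev/null && pwd -P) || root=$2
    case "$target/" in
        "$root"/*) return 1 ;;
        *)         return 0 ;;
    esac
}

# audit_dokuwiki DOCROOT WIKIDIR CONFDIR
# Prints one FAIL line per finding, or OK; the exit status is the finding count.
audit_dokuwiki() {
    docroot=$1 wikidir=$2 confdir=$3
    findings=0
    if [ -e "$wikidir/install.php" ]; then
        echo "FAIL install.php still present in $wikidir"
        findings=$((findings + 1))
    fi
    if ! outside_docroot "$confdir" "$docroot"; then
        echo "FAIL conf directory $confdir is inside $docroot"
        findings=$((findings + 1))
    fi
    # Read the last $conf['savedir'] = '...'; assignment from local.php.
    savedir=$(sed -n "s/^[[:space:]]*[$]conf\['savedir'\][[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" \
              "$confdir/local.php" 2>/dev/null | tail -n 1)
    if [ -z "$savedir" ]; then
        echo "FAIL savedir is not set in $confdir/local.php"
        findings=$((findings + 1))
    elif ! outside_docroot "$savedir" "$docroot"; then
        echo "FAIL savedir $savedir is inside $docroot"
        findings=$((findings + 1))
    fi
    if [ "$findings" -eq 0 ]; then echo "OK"; fi
    return "$findings"
}

# Example: sh audit.sh /var/www/html /var/www/html/dokuwiki /var/www/dokudata/conf
if [ "$#" -eq 3 ]; then audit_dokuwiki "$@"; fi
```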

Thursday, September 18, 2014

Systemd, now available in Red Hat Enterprise Linux 7, offers you shorter system startup, refined control for process startup and management, and enhanced logging through journald. Learn more about systemd and how to get started.

Do take a look at the video clips and articles offered by Red Hat Enterprise Linux. All the information can be found at Starting with systemd

Systemd Startup
Working with Systemd targets
Enabling services at runtime
Converting init scripts to systemd units
Managing services with systemd
Shutting down and hibernating the system
Controlling systemd on a remote system

Wednesday, September 17, 2014

MIME Types (sometimes referred to as "Internet media types") are the primary method to
indicate the type of resources delivered via MIME-aware protocols such as HTTP
and email. User agents (such as browsers) use media types to determine whether
that user agent supports that specific format, and how the content should be
processed. When an SVG document is not served with the correct MIME Type in the
Content-Type header, it might not work as intended by the author; for example,
a browser might render the SVG document as plain text or provide a "save-as"
dialog instead of rendering the image.

Step 1: To add SVG to the list of supported MIME types, simply add these lines to your /etc/httpd/conf/httpd.conf. I have placed them at around line 786

There are many reasons to create a RAM disk. One reason is to run an isolated latency or throughput test across the interconnect while discounting the effects of spinning-disk I/O, which might otherwise be the bottleneck in the test. Another is to store temporary files that require very fast I/O. Nothing beats memory.

The IPP 8.1 release (Package ID: l_ipp_8.1.0.144) is available as a stand-alone download or bundled with the Intel® Composer XE 2013 SP1 Update 2 release (Package id: l_ccompxe_2013_sp1.2.144) for customers with valid licenses from the Intel Registration Center.

The defect is caused by improper initialization of an internal variable used within the script, which leads to the error “arch: Undefined variable.” when the script is sourced directly or indirectly via the compilervars.csh script (found under: /opt/intel/composer_xe_2013_sp1/bin).

In lieu of a permanent fix, users (or sys-admins) with appropriate root privileges can edit the ippvars.csh file to insert ONLY the new line 37 as noted in the code snippet below (ahead of line 38 which is the original line 37) to set the variable arch to the value of the first incoming argument (e.g. $1):

Saturday, September 6, 2014

SINGAPORE, 28 August 2014 – Singapore Advanced Research and Education Network (SingAREN)
announced today the launch of SingAREN-Lightwave Internet Exchange (SLIX),
the first 100Gbps community network to be set up in the Southeast Asia region.

With SLIX, Singapore’s Research and Education (R&E) community will gain seamless
access to a super high speed network with a hundred times more capacity than
before; and enjoy bandwidth fully dedicated to their use. Built on an optical
fibre core comprising dark fibres, SLIX allows resiliency, future capacity
upgrade, and technology-proof network connectivity.

The new network also opens up new possibilities as a test-bed, extending database
mirroring services, bilateral disaster recovery, high performance computing
federation and shared services, high volume peering for content data networks
and other value-adding services to the R&E community. In addition, SLIX
will also enable research organisations to test different protocols for
interconnections such as the Infiniband; and optical network researchers to
carry out their experiments.

“SingAREN is proud to be the first to launch a 100 Gbps research and education network in
the region. By increasing the network speed by ten-fold and with our suite of
value-added services, SingAREN aims to facilitate collaborations amongst our
local research organisations and with their international counterparts,” said
A/Prof Francis Lee Bu Sung, President of SingAREN. “We would like to thank
A*STAR, NTU and NUS for working closely with us to realise this network.”

Funded by SingAREN and the National Research Foundation (NRF), SLIX is a collaboration
and a network built between SingAREN, the Agency for Science, Technology and
Research (A*STAR), the Nanyang Technological University (NTU) and the National
University of Singapore (NUS).

SingAREN selected 3D Networks to build the first 100 Gbps research and education network
in the region. 3D Networks has deployed a flexible and programmable Packet
Optical Platform meeting the advanced requirements of global research
collaborators, and capable of scaling up to 400Gbps and beyond. 3D Networks
built the DWDM network with the Ciena (NYSE: CIEN) 6500 Converged Packet Optical solution, and
with Ciena’s Network Operations Centre and Network Transformation Solutions
team providing management and monitoring of the network. The solution is
supplemented with Brocade’s Open Flow enabled equipment.